Juice Shop scan report

| Risk Level | Number of Alerts |
|---|---|
| High | 0 |
| Medium | 4 |
| Low | 4 |

| Name | Risk Level | Number of Instances |
|---|---|---|
| Content Security Policy (CSP) Header Not Set | Medium | 50 |
| Cross-Domain Misconfiguration | Medium | 41 |
| Missing Anti-clickjacking Header | Medium | 40 |
| Session ID in URL Rewrite | Medium | 159 |
| Cross-Domain JavaScript Source File Inclusion | Low | 20 |
| Private IP Disclosure | Low | 1 |
| Timestamp Disclosure - Unix | Low | 5 |
| X-Content-Type-Options Header Missing | Low | 159 |

| HTTP Response Code | Number of Responses |
|---|---|
| 304 Not Modified | 518 |
| 200 OK | 650 |
| 101 Switching Protocols | 40 |

| Parameter Name | Type | Flags | Times Used | # Values |
|---|---|---|---|---|
| cookieconsent_status | Cookie | | 464 | 1 |
| language | Cookie | | 932 | 1 |
| welcomebanner_status | Cookie | | 552 | 1 |
| EIO | URL | | 199 | 1 |
| name | URL | | 80 | 1 |
| q | URL | | 40 | 1 |
| sid | URL | | 159 | 40 |
| t | URL | | 159 | 158 |
| transport | URL | | 199 | 2 |
| Accept-Ranges | Header | | 518 | 1 |
| Access-Control-Allow-Origin | Header | | 1009 | 1 |
| Cache-Control | Header | | 518 | 1 |
| Connection | Header | | 1208 | 2 |
| Content-Length | Header | | 650 | 37 |
| Content-Type | Header | | 650 | 12 |
| Date | Header | | 1168 | 36 |
| ETag | Header | | 1009 | 35 |
| Feature-Policy | Header | | 1009 | 1 |
| Keep-Alive | Header | | 1168 | 1 |
| Last-Modified | Header | | 518 | 3 |
| Sec-WebSocket-Accept | Header | | 40 | 40 |
| Upgrade | Header | | 40 | 1 |
| Vary | Header | | 384 | 1 |
| X-Content-Type-Options | Header | | 1009 | 1 |
| X-Frame-Options | Header | | 1009 | 1 |
| X-Recruiting | Header | | 1009 | 1 |

| Medium | Content Security Policy (CSP) Header Not Set |
|---|---|
| Description | Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files. |
| URL | http://localhost:3000 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 117 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 466 bytes. | |
| Response Body - size: 1,987 bytes. | |
| URL | http://localhost:3000/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 346 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 466 bytes. | |
| Response Body - size: 1,987 bytes. | |
| URL | http://localhost:3000/.git/assets/public/favicon_js.ico |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 151 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 466 bytes. | |
| Response Body - size: 1,987 bytes. | |
| URL | http://localhost:3000/.git/index |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 128 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 466 bytes. | |
| Response Body - size: 1,987 bytes. | |
| URL | http://localhost:3000/.git/main.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 130 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 466 bytes. | |
| Response Body - size: 1,987 bytes. | |
| URL | http://localhost:3000/.git/polyfills.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 135 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 466 bytes. | |
| Response Body - size: 1,987 bytes. | |
| URL | http://localhost:3000/.git/runtime.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 133 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 466 bytes. | |
| Response Body - size: 1,987 bytes. | |
| URL | http://localhost:3000/.git/styles.css |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 133 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 466 bytes. | |
| Response Body - size: 1,987 bytes. | |
| URL | http://localhost:3000/.git/vendor.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 132 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 466 bytes. | |
| Response Body - size: 1,987 bytes. | |
| URL | http://localhost:3000/assets/public/images/hackingInstructor.png |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 382 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 466 bytes. | |
| Response Body - size: 1,987 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL69Nu&sid=wbLdn0BM8HLGLsZMAAOh |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 427 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL69s2&sid=4Is98Y-O0rui62QvAAOj |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 448 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6AIH&sid=51bU_j4kLcMn0Gd-AAOl |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 427 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6Alu&sid=UDBdkq5Bo4JDK79NAAOn |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 427 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6BLv&sid=8o0UZpDQGirok7F9AAOp |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 427 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6Bxv&sid=TfINduwbbvo36TlXAAOr |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 427 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6Ccu&sid=dWvWGJBtCieMnzfKAAOz |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 427 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6CKM&sid=o4ZbVaitb3boxlMUAAOt |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 478 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6CLE&sid=ORB4Gz_NRaUF8Q2kAAOu |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 478 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6CNo&sid=ygptOd6jYiZ3YnPBAAOw |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 448 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6CvZ&sid=cdc4NT9W5d4MtKkdAAO1 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 478 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6DOj&sid=l9-kMbayu326SACWAAO3 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 427 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6DOL&sid=pREp2MIk7zHbgFc1AAO4 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 448 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6DOz&sid=NgjGdriJOQYoqjhbAAO5 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 478 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6DP7&sid=68H9aiFrmKN0iZ9FAAO6 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 478 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6DvJ&sid=hdFGHPvjzC9ITcpnAAO_ |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 478 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6E-t&sid=Vt2ywTpL4bSItLQDAAPP |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 508 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6EEm&sid=pvsOxNKunrKiBtnBAAPB |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 427 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6EGT&sid=px43s8vle1Y1TtXIAAPC |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 478 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6EhM&sid=q8jh0YDvmhsJyL-CAAPJ |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 478 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6EHn&sid=EMHYZ9It5owbZlUEAAPD |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 478 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6Ekh&sid=lSRd39JyAsgoHYEHAAPK |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 478 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6ENN&sid=8-gB_t-CE8u-lYn4AAPH |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 478 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6Evu&sid=KWBje_AhqfGWLFKqAAPN |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 478 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6Ewc&sid=CWDqN7UcL7SeYpzVAAPO |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 508 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6F5Y&sid=g-IsKzTBY6-3RnfJAAPT |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 478 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6F9B&sid=OJqozdCqOqeId4uSAAPU |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 427 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6Feg&sid=lf9XWxCmx-tPJiBhAAPg |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 478 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6Fgp&sid=WYCTEIYgm4gzVJzeAAPf |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 478 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6FO3&sid=TpzCu3Xqh3ejl9t0AAPX |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 478 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6FRO&sid=LAU0vjfE_MA-c_csAAPZ |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 508 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6FTJ&sid=LkT4VpSgUFmkD4bUAAPY |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 508 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6FuD&sid=GDkuxBITVrmOJPaQAAPj |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 478 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6FV5&sid=8Hc1YKux45hIuVVCAAPa |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 508 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6Fvz&sid=5wSumci1bYR6fG4aAAPm |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 508 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6FwX&sid=33YHm_zVf3M0WAxbAAPl |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 427 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6FzR&sid=Q9UHEQqQbYefvcj5AAPk |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 508 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6G6A&sid=J8on5AquFi6zi9CkAAPr |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 508 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6G6x&sid=3-tzZo6dO2kVmpYmAAPs |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 508 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| URL | http://localhost:3000/socket.io/?EIO=4&transport=polling&t=OrL6GBh&sid=hem5h8SQxMM9MxXxAAPt |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 478 bytes. | |
| Request Body - size: 2 bytes. | |
| Response Header - size: 147 bytes. | |
| Response Body - size: 2 bytes. | |
| Instances | 50 |
| Solution | Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header. |
| Reference | https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html http://www.w3.org/TR/CSP/ http://w3c.github.io/webappsec/specs/content-security-policy/csp-specification.dev.html http://www.html5rocks.com/en/tutorials/security/content-security-policy/ http://caniuse.com/#feat=contentsecuritypolicy http://content-security-policy.com/ |
| Tags | OWASP_2021_A05 OWASP_2017_A06 |
| CWE Id | 693 |
| WASC Id | 15 |
| Plugin Id | 10038 |

| Medium | Cross-Domain Misconfiguration |
|---|---|
| Description | Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server. |
| URL | http://localhost:3000 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Access-Control-Allow-Origin: * |
| Request Header - size: 117 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 466 bytes. | |
| Response Body - size: 1,987 bytes. | |
| URL | http://localhost:3000/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Access-Control-Allow-Origin: * |
| Request Header - size: 346 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 466 bytes. | |
| Response Body - size: 1,987 bytes. | |
| URL | http://localhost:3000/.git/assets/public/favicon_js.ico |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Access-Control-Allow-Origin: * |
| Request Header - size: 151 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 466 bytes. | |
| Response Body - size: 1,987 bytes. | |
| URL | http://localhost:3000/.git/index |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Access-Control-Allow-Origin: * |
| Request Header - size: 128 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 466 bytes. | |
| Response Body - size: 1,987 bytes. | |
| URL | http://localhost:3000/.git/main.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Access-Control-Allow-Origin: * |
| Request Header - size: 130 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 466 bytes. | |
| Response Body - size: 1,987 bytes. | |
| URL | http://localhost:3000/.git/polyfills.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Access-Control-Allow-Origin: * |
| Request Header - size: 135 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 466 bytes. | |
| Response Body - size: 1,987 bytes. | |
| URL | http://localhost:3000/.git/runtime.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Access-Control-Allow-Origin: * |
| Request Header - size: 133 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 466 bytes. | |
| Response Body - size: 1,987 bytes. | |
| URL | http://localhost:3000/.git/styles.css |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Access-Control-Allow-Origin: * |
| Request Header - size: 133 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 466 bytes. | |
| Response Body - size: 1,987 bytes. | |
| URL | http://localhost:3000/.git/vendor.js |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Access-Control-Allow-Origin: * |
| Request Header - size: 132 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 466 bytes. | |
| Response Body - size: 1,987 bytes. | |
| URL | http://localhost:3000/api/Challenges/?name=Score%20Board |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Access-Control-Allow-Origin: * |
| Request Header - size: 331 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 386 bytes. | |
| Response Body - size: 624 bytes. | |
| URL | http://localhost:3000/api/Quantitys/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Access-Control-Allow-Origin: * |
| Request Header - size: 311 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 388 bytes. | |
| Response Body - size: 5,991 bytes. | |
| URL | http://localhost:3000/assets/i18n/en.json |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Access-Control-Allow-Origin: * |
| Request Header - size: 316 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 475 bytes. | |
| Response Body - size: 28,685 bytes. | |
| URL | http://localhost:3000/assets/public/favicon_js.ico |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Access-Control-Allow-Origin: * |
| Request Header - size: 338 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 456 bytes. | |
| Response Body - size: 15,086 bytes. | |